Multiple vulnerabilities in AMD server processors



Published: 2023-05-10
Risk: Low
Patch available: YES
Number of vulnerabilities: 15
CVE-ID: CVE-2021-46763, CVE-2023-20520, CVE-2023-20524, CVE-2021-46762, CVE-2022-23818, CVE-2021-46775, CVE-2021-46764, CVE-2021-46756, CVE-2021-46769, CVE-2021-26406, CVE-2021-26397, CVE-2021-26379, CVE-2021-26371, CVE-2021-26356, CVE-2021-26354
CWE-ID: CWE-787, CWE-121, CWE-119, CWE-20, CWE-295, CWE-401, CWE-367
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
2nd Gen AMD EPYC Processors (Hardware solutions / Firmware)
3rd Gen AMD EPYC Processors (Hardware solutions / Firmware)
1st Gen AMD EPYC Processors (Hardware solutions / Firmware)

Vendor: AMD

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU75986

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46763

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the SMU. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.E

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.9

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU75992

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20520

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in ASP Bootloader. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

1st Gen AMD EPYC Processors: before NaplesPI 1.0.0.H

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.D

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.5

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU75991

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20524

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A compromised ASP can send malformed commands to an ASP on another CPU, trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.C

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.5

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU75990

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46762

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the SMU. A local user can corrupt SMU SRAM and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.E

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.9

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU75989

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23818

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation on the model-specific VM_HSAVE_PA register. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.9

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU75988

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46775

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in ABL. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.E

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.9

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU75987

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46764

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation of DRAM addresses in SMU. A local user can overwrite sensitive memory locations within the ASP and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.E

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.9

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU75985

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46756

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader. A local user with a malicious Uapp or ABL can send malformed or invalid syscall to the bootloader and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

1st Gen AMD EPYC Processors: before NaplesPI 1.0.0.J

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.E

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.9

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU75920

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46769

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient syscall validation in the ASP Bootloader. A local privileged user can execute arbitrary DMA copies and escalate privileges on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.E

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.9

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper Certificate Validation

EUVDB-ID: #VU75984

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26406

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient parsing of Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

1st Gen AMD EPYC Processors: before NaplesPI 1.0.0.E

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.A

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU75983

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26397

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient address validation. A local user with a compromised ABL and UApp can corrupt sensitive memory locations and escalate privileges on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.9

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU75982

Risk: Low

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26379

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient input validation of mailbox data in the SMU. A local user can coerce the SMU to corrupt SMRAM and execute arbitrary code with elevated privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.E

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.9

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Memory leak

EUVDB-ID: #VU75981

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26371

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a memory leak. A compromised or malicious ABL or UApp can send a SHA256 system call to the bootloader and expose ASP memory to userspace.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

1st Gen AMD EPYC Processors: before NaplesPI 1.0.0.H

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.D

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.6

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU75925

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26356

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in ASP bootloader. A local user can tamper with the SPI ROM, corrupt S3 data and gain access to sensitive information.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

1st Gen AMD EPYC Processors: before NaplesPI 1.0.0.H

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.D

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.6

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU75923

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26354

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in ASP. A malicious process can issue a system call from a compromised ABL, which can cause arbitrary memory values to be initialized to zero, leading to loss of integrity and a potential crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

2nd Gen AMD EPYC Processors: before RomePI 1.0.0.C

3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.4

External links

http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3001.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
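A patch-level check a defender can run against this bulletin, added here as an example and not code from the advisory or from AMD: it transcribes the fixed-in PI versions from the "Vulnerable software versions" fields of the 15 entries above and reports which CVEs still apply to a reported AGESA PI level. The ordering of the last version component (digits first, then letters, read as a base-36 digit) is an assumption about the NaplesPI/RomePI/MilanPI numbering, and the sample versions passed in are constructed.

```python
"""Check a reported AMD EPYC AGESA PI version against the fixed-in versions in this
bulletin. Added example, not vendor or advisory code; the ordering of the last PI
component (0-9, then A-Z as a base-36 digit) is an assumption."""
import re

# Fixed-in versions per CVE, transcribed from the "Vulnerable software versions"
# fields of the 15 entries above (platform -> first non-vulnerable PI version).
FIXED_IN = {
    "CVE-2021-46763": {"RomePI": "1.0.0.E", "MilanPI": "1.0.0.9"},
    "CVE-2023-20520": {"NaplesPI": "1.0.0.H", "RomePI": "1.0.0.D", "MilanPI": "1.0.0.5"},
    "CVE-2023-20524": {"RomePI": "1.0.0.C", "MilanPI": "1.0.0.5"},
    "CVE-2021-46762": {"RomePI": "1.0.0.E", "MilanPI": "1.0.0.9"},
    "CVE-2022-23818": {"MilanPI": "1.0.0.9"},
    "CVE-2021-46775": {"RomePI": "1.0.0.E", "MilanPI": "1.0.0.9"},
    "CVE-2021-46764": {"RomePI": "1.0.0.E", "MilanPI": "1.0.0.9"},
    "CVE-2021-46756": {"NaplesPI": "1.0.0.J", "RomePI": "1.0.0.E", "MilanPI": "1.0.0.9"},
    "CVE-2021-46769": {"RomePI": "1.0.0.E", "MilanPI": "1.0.0.9"},
    "CVE-2021-26406": {"NaplesPI": "1.0.0.E", "RomePI": "1.0.0.A"},
    "CVE-2021-26397": {"MilanPI": "1.0.0.9"},
    "CVE-2021-26379": {"RomePI": "1.0.0.E", "MilanPI": "1.0.0.9"},
    "CVE-2021-26371": {"NaplesPI": "1.0.0.H", "RomePI": "1.0.0.D", "MilanPI": "1.0.0.6"},
    "CVE-2021-26356": {"NaplesPI": "1.0.0.H", "RomePI": "1.0.0.D", "MilanPI": "1.0.0.6"},
    "CVE-2021-26354": {"RomePI": "1.0.0.C", "MilanPI": "1.0.0.4"},
}
_PI_RE = re.compile(r"^(NaplesPI|RomePI|MilanPI)\s+(\d+)\.(\d+)\.(\d+)\.([0-9A-Z])$")
_DIGITS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def parse_pi(version):
    """Split 'RomePI 1.0.0.E' into (platform, comparable tuple)."""
    m = _PI_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PI version: {version!r}")
    platform, a, b, c, last = m.groups()
    return platform, (int(a), int(b), int(c), int(last, 36))

def vulnerable_cves(version):
    """CVEs from this bulletin still open on `version`: those whose fix for the
    reported platform is newer than the reported PI level."""
    platform, key = parse_pi(version)
    return sorted(cve for cve, fixes in FIXED_IN.items()
                  if platform in fixes
                  and key < parse_pi(f"{platform} {fixes[platform]}")[1])

def minimum_fixed(platform):
    """Lowest PI level that closes every bulletin CVE listed for `platform`."""
    keys = [parse_pi(f"{platform} {f[platform]}")[1] for f in FIXED_IN.values() if platform in f]
    if not keys:
        return None
    a, b, c, last = max(keys)
    return f"{a}.{b}.{c}.{_DIGITS[last]}"

if __name__ == "__main__":
    for v in ("RomePI 1.0.0.C", "MilanPI 1.0.0.6", "NaplesPI 1.0.0.J"):  # constructed samples
        print(v, "->", vulnerable_cves(v) or "patched against this bulletin")
```

The platform's reported PI level comes from the BIOS vendor's release notes or the firmware version string; the vendor bulletin linked above remains the authority on which releases carry the fixes.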


